Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS202939.roa
File:                     AS202939.roa (raw, json)
Hash identifier:          LF5NmSkaAFXdY33vfqLXeaw2KDEVDiHkGZ3tpEN5YIA=
Subject key identifier:   83:BE:30:31:57:19:FC:85:AB:BF:91:7B:0D:93:43:5C:D3:0D:34:CB
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       205CF697C4D0C1E17920D4B29CA96009499B700E
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS202939.roa
Signing time:             Thu 03 Jul 2025 15:51:57 +0000
ROA not before:           Thu 03 Jul 2025 15:46:57 +0000
ROA not after:            Thu 02 Jul 2026 15:51:57 +0000
asID:                     202939
IP address blocks:        2a06:a005:1ba0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:5c:f6:97:c4:d0:c1:e1:79:20:d4:b2:9c:a9:60:09:49:9b:70:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jul  3 15:46:57 2025 GMT
            Not After : Jul  2 15:51:57 2026 GMT
        Subject: CN=83BE30315719FC85ABBF917B0D93435CD30D34CB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:0e:b3:07:c0:75:17:42:ca:4f:9f:18:e7:4a:
                    29:79:35:bf:60:4d:9e:52:ae:29:53:77:96:07:16:
                    51:a0:34:cc:ed:19:56:89:09:22:b7:fa:33:c0:25:
                    0c:67:ed:61:28:2c:d1:03:89:f3:78:d1:2c:10:cf:
                    a0:f8:28:bf:d0:fb:10:54:33:45:e8:0b:1d:32:07:
                    17:69:ea:6b:55:79:26:19:87:bc:ea:77:a9:17:42:
                    95:f8:33:43:ff:9b:b3:2b:2d:b9:d1:fe:fa:06:e5:
                    ba:ac:4c:9b:4d:ee:4a:9e:bf:51:b9:0d:63:1b:82:
                    0c:5a:99:09:42:9b:00:8b:0c:74:27:68:88:d9:0d:
                    5b:81:0e:15:43:30:c9:a6:15:af:cc:fc:0b:74:79:
                    3d:75:8f:d8:6f:3d:c7:7d:5a:33:a7:8e:c3:db:89:
                    d1:a8:cf:fb:84:23:62:0e:bf:25:4e:e9:36:f7:d8:
                    90:13:45:a6:a6:5c:44:12:d4:ed:73:1f:3b:74:df:
                    b0:63:db:ed:9b:44:a6:2c:a2:7e:f8:84:d9:cb:d4:
                    3c:4a:17:e9:e1:ea:bf:1d:2c:ef:33:58:30:a9:b3:
                    40:57:b2:4f:aa:fb:bf:ca:db:81:66:d0:13:7b:ee:
                    b7:b0:84:e6:d9:d9:e7:36:55:d2:45:0a:ca:f7:95:
                    15:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:BE:30:31:57:19:FC:85:AB:BF:91:7B:0D:93:43:5C:D3:0D:34:CB
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS202939.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:a005:1ba0::/44

    Signature Algorithm: sha256WithRSAEncryption
         bf:04:1c:cc:b9:71:87:26:81:7f:76:23:bf:d4:b8:59:9a:08:
         56:44:c8:8b:92:53:e4:ff:0a:31:33:14:db:ea:25:32:b8:f1:
         8d:1f:bf:e1:6b:53:a8:f9:b6:e8:c2:b4:fe:d7:f4:d5:2d:66:
         23:0b:ef:26:a7:2f:2d:9a:ee:f4:d7:3d:c6:64:fd:d1:74:fe:
         c2:3b:16:67:3d:e3:17:5a:48:b6:84:7b:47:2d:e3:25:85:48:
         ac:64:ec:73:c8:59:16:38:d8:93:d9:60:d0:f0:c4:a0:37:41:
         d7:2e:96:df:54:2c:42:b2:29:8c:b2:67:a4:de:af:5e:1a:90:
         3a:cc:9e:94:f0:e2:cd:4d:e6:70:4e:64:42:a9:79:09:23:ce:
         d4:85:36:e1:5e:1e:d3:4e:17:6b:23:94:57:ed:b5:d6:85:7d:
         1f:2c:ce:88:dd:2b:f6:00:66:d8:3d:34:3c:ca:3f:16:9e:b0:
         24:fe:19:3c:86:1f:5d:eb:12:af:8d:91:8d:98:54:be:0e:60:
         d2:7f:55:7d:bf:1b:e2:6f:80:04:c7:1a:d2:17:5d:6a:db:c9:
         19:8b:8c:40:c9:7e:9b:f2:35:85:86:df:6e:08:34:5c:c3:9d:
         24:38:b1:4c:89:7f:9e:a3:8b:41:41:4a:72:5c:8e:44:5a:6f:
         92:27:d1:33
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUIFz2l8TQweF5INSynKlgCUmbcA4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTA3MDMxNTQ2NTdaFw0yNjA3MDIxNTUxNTdaMDMxMTAvBgNV
BAMTKDgzQkUzMDMxNTcxOUZDODVBQkJGOTE3QjBEOTM0MzVDRDMwRDM0Q0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqDrMHwHUXQspPnxjnSil5Nb9g
TZ5SrilTd5YHFlGgNMztGVaJCSK3+jPAJQxn7WEoLNEDifN40SwQz6D4KL/Q+xBU
M0XoCx0yBxdp6mtVeSYZh7zqd6kXQpX4M0P/m7MrLbnR/voG5bqsTJtN7kqev1G5
DWMbggxamQlCmwCLDHQnaIjZDVuBDhVDMMmmFa/M/At0eT11j9hvPcd9WjOnjsPb
idGoz/uEI2IOvyVO6Tb32JATRaamXEQS1O1zHzt037Bj2+2bRKYson74hNnL1DxK
F+nh6r8dLO8zWDCps0BXsk+q+7/K24Fm0BN77rewhObZ2ec2VdJFCsr3lRXtAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUg74wMVcZ/IWrv5F7DZNDXNMNNMswHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjAyOTM5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKgagBRugMA0GCSqGSIb3DQEBCwUAA4IBAQC/BBzM
uXGHJoF/diO/1LhZmghWRMiLklPk/woxMxTb6iUyuPGNH7/ha1Oo+bbowrT+1/TV
LWYjC+8mpy8tmu701z3GZP3RdP7COxZnPeMXWki2hHtHLeMlhUisZOxzyFkWONiT
2WDQ8MSgN0HXLpbfVCxCsimMsmek3q9eGpA6zJ6U8OLNTeZwTmRCqXkJI87UhTbh
Xh7TThdrI5RX7bXWhX0fLM6I3Sv2AGbYPTQ8yj8WnrAk/hk8hh9d6xKvjZGNmFS+
DmDSf1V9vxvib4AExxrSF11q28kZi4xAyX6b8jWFht9uCDRcw50kOLFMiX+eo4tB
QUpyXI5EWm+SJ9Ez
-----END CERTIFICATE-----